Advertisement

11.26.2007 at 06:23AM PST, ID: 22982375
[x]
Attachment Details
[x]
The Solution Rating System

With so many solutions, how can you tell which solutions are most likely to help you and which ones are not? To provide you with a tool to use, we rate our solutions based on various elements that most accurately determine if a solution is a quality solution. To explain what factors affect the solution rating, here are the elements we take into consideration when formulating our solution rating.

  • The Grade of the Solution
  • The Zone Rank of the Expert Providing the Solution
  • The Number of Author and Expert Comments
  • The Number of Experts Contributing
  • The Feedback of the Community

Your Input Matters
Because of the way the system is set up, the most important variable in this equation is you. As a member of Experts Exchange, you are able to cast your vote on the quality of the solutions in regard to how complete, accurate, helpful and easy to understand each solution is. When you provide your feedback, each rating is adjusted accordingly. So, if you see a solution that has a poor rating that you think is a good solution, let us know by rating it. As you do, the rating will be adjusted and will become more accurate for other members of our site.

If you have any suggestions that you would like to make for our rating system, please ask a question in the Suggestions Zone of Community Support.

Thank you!
7.0

Issues with Intrasite Replication

Asked by Zen_Internet in Active Directory, Windows 2003 Server

Tags: ,

Hi there, I've attached a dump of the results of DCDIAG from a DC in our DMZ. We have 4 DC's and one site, one domain, one tree.

There are two ISA server firewalls that segment the network into chunks, though for the purposes of fault-finding, I have created some temporary allow any/any rules, allowing all traffic to and from the DC's.

Frodo and Samwise are on the same segment (the same as my pc)
Pippin is in the DMZ and separated by ISA
Bilbo is in a "Services" network, also separated by an ISA server.

I need help in figuring out what is going on with the errors in DCDiag, the don't make much sense to me as I seem to be getting different results, depending on where I run the tool from. In addition, I have disabled the "Enforce Strict RPC Compliance" option on the RPC Filter in ISA.

Any help would be much appreciated.
DaveStart Free Trial 
1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
12:
13:
14:
15:
16:
17:
18:
19:
20:
21:
22:
23:
24:
25:
26:
27:
28:
29:
30:
31:
32:
33:
34:
35:
36:
37:
38:
39:
40:
41:
42:
43:
44:
45:
46:
47:
48:
49:
50:
51:
52:
53:
54:
55:
56:
57:
58:
59:
60:
61:
62:
63:
64:
65:
66:
67:
68:
69:
70:
71:
72:
73:
74:
75:
76:
77:
78:
79:
80:
81:
82:
83:
84:
85:
86:
87:
88:
89:
90:
91:
92:
93:
94:
95:
96:
97:
98:
99:
100:
101:
102:
103:
104:
105:
106:
107:
108:
109:
110:
111:
112:
113:
114:
115:
116:
117:
118:
119:
120:
121:
122:
123:
124:
125:
126:
127:
128:
129:
130:
131:
132:
133:
134:
135:
136:
137:
138:
139:
140:
141:
142:
143:
144:
145:
146:
147:
148:
149:
150:
151:
152:
153:
154:
155:
156:
157:
158:
159:
160:
161:
162:
163:
164:
165:
166:
167:
168:
169:
170:
171:
172:
173:
174:
175:
176:
177:
178:
179:
180:
181:
182:
183:
184:
185:
186:
187:
188:
189:
190:
191:
192:
193:
194:
195:
196:
197:
198:
199:
200:
201:
202:
203:
204:
205:
206:
207:
208:
209:
210:
211:
212:
213:
214:
215:
216:
217:
218:
219:
220:
221:
222:
223:
224:
225:
226:
227:
228:
229:
230:
231:
232:
233:
234:
235:
236:
237:
238:
239:
240:
241:
242:
243:
244:
245:
246:
247:
248:
249:
250:
251:
252:
253:
254:
255:
256:
257:
258:
259:
260:
261:
262:
263:
264:
265:
266:
267:
268:
269:
270:
271:
272:
273:
274:
275:
276:
277:
278:
279:
280:
281:
282:
283:
284:
285:
286:
287:
288:
289:
290:
291:
292:
293:
294:
295:
296:
297:
298:
299:
300:
301:
302:
303:
304:
305:
306:
307:
308:
309:
310:
311:
312:
313:
314:
315:
316:
317:
318:
319:
320:
321:
322:
323:
324:
325:
326:
327:
328:
329:
330:
331:
332:
333:
334:
335:
336:
337:
338:
339:
340:

Domain Controller Diagnosis
 
Performing initial setup:
   Done gathering initial info.
 
Doing initial required tests
   
   Testing server: ZenInternet-OfficeNetwork\FRODO
      Starting test: Connectivity
         [FRODO] DsBindWithSpnEx() failed with error 5,
         Access is denied..
         ......................... FRODO failed test Connectivity
   
   Testing server: ZenInternet-OfficeNetwork\SAMWISE
      Starting test: Connectivity
         [SAMWISE] DsBindWithSpnEx() failed with error 5,
         Access is denied..
         ......................... SAMWISE failed test Connectivity
   
   Testing server: ZenInternet-OfficeNetwork\PIPPIN
      Starting test: Connectivity
         ......................... PIPPIN passed test Connectivity
   
   Testing server: ZenInternet-OfficeNetwork\BILBO
      Starting test: Connectivity
         [BILBO] DsBindWithSpnEx() failed with error 5,
         Access is denied..
         ......................... BILBO failed test Connectivity
 
Doing primary tests
   
   Testing server: ZenInternet-OfficeNetwork\FRODO
      Skipping all tests, because server FRODO is
      not responding to directory service requests
   
   Testing server: ZenInternet-OfficeNetwork\SAMWISE
      Skipping all tests, because server SAMWISE is
      not responding to directory service requests
   
   Testing server: ZenInternet-OfficeNetwork\PIPPIN
      Starting test: Replications
         ......................... PIPPIN passed test Replications
      Starting test: Topology
         ......................... PIPPIN passed test Topology
      Starting test: CutoffServers
         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..
         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..
         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..
         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..
         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..
         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..
         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..
         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..
         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..
         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..
         ......................... PIPPIN passed test CutoffServers
      Starting test: NCSecDesc
         ......................... PIPPIN passed test NCSecDesc
      Starting test: NetLogons
         ......................... PIPPIN passed test NetLogons
      Starting test: Advertising
         ......................... PIPPIN passed test Advertising
      Starting test: KnowsOfRoleHolders
         Warning: SAMWISE is the Schema Owner, but is not responding to DS RPC Bind.
         Warning: FRODO is the Domain Owner, but is not responding to DS RPC Bind.
         Warning: BILBO is the PDC Owner, but is not responding to DS RPC Bind.
         Warning: BILBO is the Rid Owner, but is not responding to DS RPC Bind.
         Warning: BILBO is the Infrastructure Update Owner, but is not responding to DS RPC Bind.
         ......................... PIPPIN failed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... PIPPIN failed test RidManager
      Starting test: MachineAccount
         ......................... PIPPIN passed test MachineAccount
      Starting test: Services
         ......................... PIPPIN passed test Services
      Starting test: OutboundSecureChannels
         ** Did not run Outbound Secure Channels test
         because /testdomain: was not entered
         ......................... PIPPIN passed test OutboundSecureChannels
      Starting test: ObjectsReplicated
         ......................... PIPPIN passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... PIPPIN passed test frssysvol
      Starting test: frsevent
         ......................... PIPPIN passed test frsevent
      Starting test: kccevent
         ......................... PIPPIN passed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0xC0002719
            Time Generated: 11/26/2007   13:41:10
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC0002719
            Time Generated: 11/26/2007   13:41:10
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC0002719
            Time Generated: 11/26/2007   13:41:10
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC0002719
            Time Generated: 11/26/2007   13:41:37
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC0002719
            Time Generated: 11/26/2007   13:42:19
            (Event String could not be retrieved)
         ......................... PIPPIN failed test systemlog
      Starting test: VerifyReplicas
            For the partition (DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk)
 
            we encountered the following error retrieving the cross-ref's
 
            (CN=6f39c24d-314a-4fe8-93b8-46e57df1cdb5,CN=Partitions,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk)
 
             information: 
               LDAP Error 0x1 (1). 
            For the partition (DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk)
 
            we encountered the following error retrieving the cross-ref's
 
            (CN=b0ac23ba-5bdc-43a2-ac37-dc08ab63b0f8,CN=Partitions,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk)
 
             information: 
               LDAP Error 0x1 (1). 
         ......................... PIPPIN failed test VerifyReplicas
      Starting test: VerifyReferences
         ......................... PIPPIN passed test VerifyReferences
      Starting test: VerifyEnterpriseReferences
         Can't determine the age of the cross-ref
 
         CN=6f39c24d-314a-4fe8-93b8-46e57df1cdb5,CN=Partitions,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
 
         for the partition DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk, so
 
         following errors relating to this cross-ref/partition may disappear
 
         after replication  coalesces.  Please ensure that replication is
 
         working from the Domain Naming FSMO to this DC, and retry this test to
 
         see if errors continue. 
         Can't determine the age of the cross-ref
 
         CN=b0ac23ba-5bdc-43a2-ac37-dc08ab63b0f8,CN=Partitions,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
 
         for the partition DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk, so
 
         following errors relating to this cross-ref/partition may disappear
 
         after replication  coalesces.  Please ensure that replication is
 
         working from the Domain Naming FSMO to this DC, and retry this test to
 
         see if errors continue. 
         Can't determine the age of the cross-ref
 
         CN=Enterprise Configuration,CN=Partitions,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
 
         for the partition CN=Configuration,DC=office,DC=zen,DC=co,DC=uk, so
 
         following errors relating to this cross-ref/partition may disappear
 
         after replication  coalesces.  Please ensure that replication is
 
         working from the Domain Naming FSMO to this DC, and retry this test to
 
         see if errors continue. 
         Can't determine the age of the cross-ref
 
         CN=Enterprise Schema,CN=Partitions,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
 
         for the partition
 
         CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk, so following
 
         errors relating to this cross-ref/partition may disappear after
 
         replication  coalesces.  Please ensure that replication is working
 
         from the Domain Naming FSMO to this DC, and retry this test to see if
 
         errors continue. 
         Can't determine the age of the cross-ref
 
         CN=ZENDOMAIN,CN=Partitions,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
 
         for the partition DC=office,DC=zen,DC=co,DC=uk, so following errors
 
         relating to this cross-ref/partition may disappear after replication
 
         coalesces.  Please ensure that replication is working from the Domain
 
         Naming FSMO to this DC, and retry this test to see if errors continue.
 
         ......................... PIPPIN failed test VerifyEnterpriseReferences
      Starting test: CheckSecurityError
         [PIPPIN] No security related replication errors were found on this DC!  To target the connection to a specific source DC use /ReplSource:<DC>.
         ......................... PIPPIN passed test CheckSecurityError
   
   Testing server: ZenInternet-OfficeNetwork\BILBO
      Skipping all tests, because server BILBO is
      not responding to directory service requests
 
DNS Tests are running and not hung. Please wait a few minutes...
   
   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
            For the partition (DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk)
 
            we encountered the following error retrieving the cross-ref's
 
            (CN=6f39c24d-314a-4fe8-93b8-46e57df1cdb5,CN=Partitions,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk)
 
             information: 
               LDAP Error 0x1 (1). 
         ......................... ForestDnsZones failed test CrossRefValidation
      Starting test: CheckSDRefDom
            For the partition (DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk)
 
            we encountered the following error retrieving the cross-ref's
 
            (CN=6f39c24d-314a-4fe8-93b8-46e57df1cdb5,CN=Partitions,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk)
 
             information: 
               LDAP Error 0x1 (1). 
         ......................... ForestDnsZones failed test CheckSDRefDom
   
   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
            For the partition (DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk)
 
            we encountered the following error retrieving the cross-ref's
 
            (CN=b0ac23ba-5bdc-43a2-ac37-dc08ab63b0f8,CN=Partitions,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk)
 
             information: 
               LDAP Error 0x1 (1). 
         ......................... DomainDnsZones failed test CrossRefValidation
      Starting test: CheckSDRefDom
            For the partition (DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk)
 
            we encountered the following error retrieving the cross-ref's
 
            (CN=b0ac23ba-5bdc-43a2-ac37-dc08ab63b0f8,CN=Partitions,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk)
 
             information: 
               LDAP Error 0x1 (1). 
         ......................... DomainDnsZones failed test CheckSDRefDom
   
   Running partition tests on : Schema
      Starting test: CrossRefValidation
            For the partition
 
            (CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk) we
 
            encountered the following error retrieving the cross-ref's
 
            (CN=Enterprise Schema,CN=Partitions,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk)
 
             information: 
               LDAP Error 0x1 (1). 
         ......................... Schema failed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
   
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
            For the partition (CN=Configuration,DC=office,DC=zen,DC=co,DC=uk)
 
            we encountered the following error retrieving the cross-ref's
 
            (CN=Enterprise Configuration,CN=Partitions,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk)
 
             information: 
               LDAP Error 0x1 (1). 
         ......................... Configuration failed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
   
   Running partition tests on : office
      Starting test: CrossRefValidation
            For the partition (DC=office,DC=zen,DC=co,DC=uk) we encountered the
 
            following error retrieving the cross-ref's
 
            (CN=ZENDOMAIN,CN=Partitions,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk)
 
             information: 
               LDAP Error 0x1 (1). 
         ......................... office failed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... office passed test CheckSDRefDom
   
   Running enterprise tests on : office.zen.co.uk
      Starting test: Intersite
         Doing intersite inbound replication test on site
 
         ZenInternet-OfficeNetwork: 
            * Warning: Current ISTG failed, ISTG role should be taken by PIPPIN
 
             in 6 hours and 13 minutes. 
         ......................... office.zen.co.uk passed test Intersite
      Starting test: FsmoCheck
         ......................... office.zen.co.uk passed test FsmoCheck
      Starting test: DNS
         Test results for domain controllers:
            
            DC: frodo.office.zen.co.uk
            Domain: office.zen.co.uk
 
                  
               TEST: Basic (Basc)
                  Error: No DS RPC connectivity
                  Error: No WMI connectivity
         
            
            DC: samwise.office.zen.co.uk
            Domain: office.zen.co.uk
 
                  
               TEST: Basic (Basc)
                  Error: No DS RPC connectivity
                  Error: No WMI connectivity
         
            
            DC: bilbo.office.zen.co.uk
            Domain: office.zen.co.uk
 
                  
               TEST: Basic (Basc)
                  Error: No DS RPC connectivity
                  Error: No WMI connectivity
         
         Summary of DNS test results:
         
                                            Auth Basc Forw Del  Dyn  RReg Ext  
               ________________________________________________________________
            Domain: office.zen.co.uk
               frodo                        PASS FAIL n/a  n/a  n/a  n/a  n/a  
               samwise                      PASS FAIL n/a  n/a  n/a  n/a  n/a  
               bilbo                        PASS FAIL n/a  n/a  n/a  n/a  n/a  
         
         ......................... office.zen.co.uk failed test DNS
[+][-]11.26.2007 at 06:59AM PST, ID: 20350213

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 30-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]11.26.2007 at 11:15AM PST, ID: 20352195

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 30-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]11.26.2007 at 03:06PM PST, ID: 20354058

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 30-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]11.27.2007 at 12:55AM PST, ID: 20356415

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 30-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]11.27.2007 at 01:07AM PST, ID: 20356442

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 30-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]11.27.2007 at 01:15AM PST, ID: 20356473

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 30-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]11.27.2007 at 01:25AM PST, ID: 20356510

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 30-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]11.27.2007 at 07:02AM PST, ID: 20358305

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 30-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]11.27.2007 at 09:53AM PST, ID: 20359813

View this solution now by starting your 30-day free trial. Setting up your free trial is quick, easy, and secure. We will return you to this solution, unlocked, when you're done.

 

About this solution

Zones: Active Directory, Windows 2003 Server
Tags: error, replication
Sign Up Now!
Solution Provided By: geniph
Participating Experts: 3
Solution Grade: A
 
 
[+][-]11.27.2007 at 01:29PM PST, ID: 20361490

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 30-day free trial to view this Author Comment or ask the Experts your question.

 
 
Loading Advertisement...
20081112-EE-VQP-44 / EE_QW_2_20070628